diff --git a/.sops.yaml b/.sops.yaml index 056d8ec..a1951bd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,27 +7,17 @@ keys: - &rackserv age1zutg3s4nth679a6av9xqw4km0ezmfkxlnusu78demf0rzazqn3pqk9exgj creation_rules: - - path_regex: home/profiles/secrets - key_groups: - - age: - - *xun - - path_regex: sys/profiles/secrets/global + - path_regex: secrets/nixdesk key_groups: - age: - *xun - *nixdesk - - *hopper - - path_regex: sys/profiles/secrets/nixdesk - key_groups: - - age: - - *xun - - *nixdesk - - path_regex: sys/profiles/secrets/hopper + - path_regex: secrets/hopper key_groups: - age: - *xun - *hopper - - path_regex: sys/profiles/secrets/rackserv + - path_regex: secrets/rackserv key_groups: - age: - *xun diff --git a/Justfile b/Justfile index 8740874..1bdd02d 100644 --- a/Justfile +++ b/Justfile @@ -7,13 +7,8 @@ local OPERATION *FLAGS: {{FLAGS}} \ {{OPERATION}} - -buildiso *FLAGS: - nix build .#nixosConfigurations.liveiso.config.system.build.isoImage {{FLAGS}} - updatekeys: - fd . sys/profiles/secrets -E '*.nix' -t f -x sops updatekeys -y - + fd . secrets -E '*.nix' -t f -x sops updatekeys -y remote OPERATION HOST REMOTEHOST *FLAGS: nixos-rebuild \ diff --git a/flake.nix b/flake.nix index cbfb7f4..3360a91 100644 --- a/flake.nix +++ b/flake.nix @@ -6,11 +6,13 @@ haumea, ... } @ inputs: let - systemProfiles = haumea.lib.load { - src = ./sys/profiles; - loader = haumea.lib.loaders.path; - }; - homeProfiles = ./home; + _load = path: + haumea.lib.load { + src = path; + loader = haumea.lib.loaders.path; + }; + systemProfiles = _load ./sys/profiles; + homeProfiles = _load ./home; vars = import ./vars; l = nixpkgs.lib; b = builtins; diff --git a/home/cli/gpg.nix b/home/cli/gpg.nix new file mode 100644 index 0000000..3458bab --- /dev/null +++ b/home/cli/gpg.nix @@ -0,0 +1,5 @@ +{ + programs.gpg = { + enable = true; + }; +} 
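Review bot: The new `path_regex` values (`secrets/nixdesk`, `secrets/hopper`, `secrets/rackserv`) are unanchored, so each rule also matches any path that merely contains that substring, and the first matching rule decides the recipients. Anchoring them, for example `path_regex: ^secrets/nixdesk/`, keeps a file from picking up another host's key group by accident. The hunk also deletes the `home/profiles/secrets` and `sys/profiles/secrets/global` rules without a replacement. The file moves are not visible here, so it is worth confirming that every secret formerly shared between nixdesk and hopper now sits under exactly one of the three remaining rules.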
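Review bot: The `updatekeys` recipe still passes `-y`, which skips the prompt listing the recipients being added and removed, in the same commit that rewrites the creation rules in .sops.yaml. Dropping `-y` for this one run, or reviewing the resulting diff of each file's `sops:` metadata before committing, makes the recipient change auditable. `sops updatekeys` re-wraps the existing data key rather than rotating it, so any host that loses access to a file (hopper was a recipient of the deleted `global` rule) can still decrypt the old ciphertext from git history. If that matters, rotate the secret values themselves, and the data key with `sops -r`.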
diff --git a/home/desktop/common/fuzzel.nix b/home/desktop/__common/fuzzel.nix similarity index 100% rename from home/desktop/common/fuzzel.nix rename to home/desktop/__common/fuzzel.nix diff --git a/home/desktop/common/wl-clipboard.nix b/home/desktop/__common/wl-clipboard.nix similarity index 100% rename from home/desktop/common/wl-clipboard.nix rename to home/desktop/__common/wl-clipboard.nix diff --git a/home/desktop/common/wob.nix b/home/desktop/__common/wob.nix similarity index 100% rename from home/desktop/common/wob.nix rename to home/desktop/__common/wob.nix diff --git a/home/desktop/sway/waybar.nix b/home/desktop/sway/__waybar.nix similarity index 100% rename from home/desktop/sway/waybar.nix rename to home/desktop/sway/__waybar.nix diff --git a/home/desktop/sway/default.nix b/home/desktop/sway/default.nix index b978f6e..f7497cd 100644 --- a/home/desktop/sway/default.nix +++ b/home/desktop/sway/default.nix @@ -6,10 +6,10 @@ ... }: { imports = [ - ../common/fuzzel.nix - ../common/wob.nix - ../common/wl-clipboard.nix - ./waybar.nix + ../__common/fuzzel.nix + ../__common/wob.nix + ../__common/wl-clipboard.nix + ./__waybar.nix ]; # services.gnome-keyring = { diff --git a/home/programs/firefox/search-engines.nix b/home/programs/firefox/search-engines.nix index af274f4..ad87f50 100644 --- a/home/programs/firefox/search-engines.nix +++ b/home/programs/firefox/search-engines.nix @@ -3,9 +3,7 @@ pkgs, ... }: { - programs.firefox.profiles.xun.search = let - inherit (lib) attrsToList singleton; - in { + programs.firefox.profiles.xun.search = { force = true; default = "google"; order = [ 
@@ -47,6 +45,11 @@ icon = "https://github.githubassets.com/favicons/favicon-dark.svg"; definedAliases = ["@ghn"]; }; + "nixpkgs github" = { + urls = mkUrl "https://github.com/search?type=code&q=repo:NixOS/nixpkgs {searchTerms}"; + icon = "https://github.githubassets.com/favicons/favicon-dark.svg"; + definedAliases = ["@nixpkgs"]; + }; "Brave" = { urls = mkUrl "https://search.brave.com/search?q={searchTerms}"; icon = "https://brave.com/static-assets/images/brave-favicon.png"; @@ -57,21 +60,19 @@ icon = "https://www.youtube.com/favicon.ico"; definedAliases = ["@yt"]; }; - "crates.io" = { urls = mkUrl "https://crates.io/search?q={searchTerms}"; icon = "https://crates.io/favicon.ico"; definedAliases = ["@cr"]; }; "noogle" = { - url = mkUrl "https://noogle.dev/q?term={searchTerms}"; + urls = mkUrl "https://noogle.dev/q?term={searchTerms}"; icon = "https://noogle.dev/favicon.png"; - definedAliases = ["@noogle"]; + definedAliases = ["@nog"]; }; "google".metaData.alias = "@go"; "ddb".metaData.alias = "@ddg"; - "wikipedia".metaData.alias = "@wiki"; "bing".metaData.alias = "@bi"; }; }; diff --git a/hosts/hopper/home.nix b/hosts/hopper/home.nix index af24cb6..2657e9f 100644 --- a/hosts/hopper/home.nix +++ b/hosts/hopper/home.nix @@ -4,20 +4,20 @@ pkgs, ... }: { - imports = map (x: homeProfiles + x) [ - /cli/xdg.nix - /cli/comma.nix + imports = with homeProfiles; [ + cli.xdg + cli.comma - /programs/nvim.nix - /programs/foot.nix + programs.nvim + programs.foot - /desktop/xdg-portals.nix - /desktop/sway/default.nix + desktop.xdg-portals + desktop.sway.default - /programs/mpv.nix + programs.mpv - /services/playerctl.nix - /services/polkit-agent.nix + services.playerctl + services.polkit-agent ]; wayland.windowManager.sway.config.output."HDMI-A-1".scale = "2.0"; diff --git a/hosts/hopper/profiles/lab/caddy.nix b/hosts/hopper/profiles/lab/caddy.nix index e8825a6..979412f 100644 --- a/hosts/hopper/profiles/lab/caddy.nix +++ b/hosts/hopper/profiles/lab/caddy.nix 
@@ -20,7 +20,12 @@ in { services.caddy = { enable = true; - globalConfig = "metrics"; + globalConfig = '' + metrics + servers { + trusted_proxies static 10.0.0.1 + } + ''; virtualHosts = let mkPublicEntry = name: destination: { hostName = "${name}.${domain}:80"; @@ -43,6 +48,7 @@ in { navidrome = mkPublicEntry "navidrome" "${bridge}:${toString config.services.navidrome.settings.Port}"; vaultwarden = mkPublicEntry "vw" "${bridge}:${toString config.services.vaultwarden.config.ROCKET_PORT}"; abs = mkPublicEntry "abs" "${bridge}:${toString config.services.audiobookshelf.port}"; + miniflux = mkPublicEntry "rss" "${bridge}:18632"; navidrome2 = mkPrivateEntry "navidrome" "${bridge}:${toString config.services.navidrome.settings.Port}"; slskd = mkPrivateEntry "slskd" "localhost:${toString config.services.slskd.settings.web.port}"; diff --git a/hosts/hopper/profiles/lab/default.nix b/hosts/hopper/profiles/lab/default.nix index 99ae776..710d3c9 100644 --- a/hosts/hopper/profiles/lab/default.nix +++ b/hosts/hopper/profiles/lab/default.nix @@ -9,6 +9,7 @@ ./glances.nix ./homepage.nix ./minecraft.nix + ./miniflux.nix ./navidrome ./prometheus.nix ./restic.nix diff --git a/hosts/hopper/profiles/lab/homepage.nix b/hosts/hopper/profiles/lab/homepage.nix index f56c91a..9bb6373 100644 --- a/hosts/hopper/profiles/lab/homepage.nix +++ b/hosts/hopper/profiles/lab/homepage.nix @@ -79,6 +79,12 @@ in { icon = "vaultwarden"; }; } + { + "miniflux" = { + href = "https://rss.${domain}"; + icon = "miniflux"; + }; + } ]; } ]; diff --git a/hosts/hopper/profiles/lab/miniflux.nix b/hosts/hopper/profiles/lab/miniflux.nix new file mode 100644 index 0000000..53572be --- /dev/null +++ b/hosts/hopper/profiles/lab/miniflux.nix 
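Review bot: `trusted_proxies static 10.0.0.1` in the new `globalConfig` makes Caddy take the client address from forwarding headers sent by that peer, but nothing in the hunk says what 10.0.0.1 is or why it is trusted. A comment above the `servers` block, such as `# 10.0.0.1 = <upstream reverse proxy>; it must overwrite X-Forwarded-For, not append to it`, would record the assumption the setting relies on. If the upstream appends rather than replaces, adding `trusted_proxies_strict` to the same `servers` block (where the packaged Caddy supports it) is the safer parse. `mkPrivateEntry` is defined outside this hunk; if it filters on client IP rather than `remote_ip`, its decision now depends on that header and should be re-checked.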
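Review bot: The miniflux upstream is written with a bare port literal, `"${bridge}:18632"`, while the neighbouring entries read their port from the service's own config. The same `18632` is repeated in `LISTEN_ADDR` in miniflux.nix and in the port list in vpn-namespace.nix. Three copies can drift, leaving the proxy pointing at a port that is closed or later reused by another service. Defining the port once (a single binding, placeholder name `minifluxPort`) and using `toString minifluxPort` in all three places would match the existing entries. `mkPublicEntry` also puts the Miniflux login page on the public side, so the admin credentials read from sops should be strong and unique.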
@@ -0,0 +1,14 @@ +{ + vars, + config, + ... +}: { + services.miniflux = { + enable = true; + adminCredentialsFile = config.sops.secrets.miniflux.path; + config = { + BASE_URL = "https://miniflux.${vars.domain}"; + LISTEN_ADDR = "${config.vpnNamespaces."wg".bridgeAddress}:18632"; + }; + }; +} diff --git a/hosts/hopper/profiles/lab/vpn-namespace.nix b/hosts/hopper/profiles/lab/vpn-namespace.nix index b0d6033..6b8b5e0 100644 --- a/hosts/hopper/profiles/lab/vpn-namespace.nix +++ b/hosts/hopper/profiles/lab/vpn-namespace.nix @@ -11,6 +11,7 @@ config.services.audiobookshelf.port config.services.navidrome.settings.Port config.services.glances.port + 18632 ]; in { extraCommands = builtins.concatStringsSep "\n" (map diff --git a/hosts/hopper/profiles/persistent.nix b/hosts/hopper/profiles/persistent.nix index cf8d5ca..d358f8d 100644 --- a/hosts/hopper/profiles/persistent.nix +++ b/hosts/hopper/profiles/persistent.nix @@ -8,6 +8,7 @@ "/var/log" "/var/lib/nixos" "/var/lib/bluetooth" + "/var/lib/postgresql" ]; files = [ "/etc/machine-id" diff --git a/hosts/nixdesk/default.nix b/hosts/nixdesk/default.nix index 40bb650..751a2c5 100644 --- a/hosts/nixdesk/default.nix +++ b/hosts/nixdesk/default.nix @@ -65,6 +65,7 @@ programs.home-manager # programs.qt programs.adb + programs.gpg programs.openrgb programs.tools programs.thunar diff --git a/hosts/nixdesk/home.nix b/hosts/nixdesk/home.nix index 4dd5344..11eb409 100644 --- a/hosts/nixdesk/home.nix +++ b/hosts/nixdesk/home.nix 
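Review bot: `BASE_URL` is set to `https://miniflux.${vars.domain}`, but caddy.nix publishes the service as `rss` (`mkPublicEntry "rss" …`) and homepage.nix links to `https://rss.${domain}`. Miniflux's idea of its own origin, and any absolute links it builds from that setting, would therefore not match the host users reach it on. Unless a `miniflux.` virtual host is defined outside this diff, the line should read `BASE_URL = "https://rss.${vars.domain}";`. The `sops.secrets.miniflux` declaration that `adminCredentialsFile` reads is not visible here; it needs to exist and be encrypted under the `secrets/hopper` rule, with an owner or mode that lets the miniflux unit read it and nothing else.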
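Review bot: The persistent.nix hunk adds `"/var/lib/postgresql"` as a bare string, so the persisted directory's owner and mode are left to the persistence module's defaults. It presumably now holds the Miniflux database, including account password hashes and API tokens. If this list is impermanence's `directories` option, the attrset form states the intent: `{ directory = "/var/lib/postgresql"; user = "postgres"; group = "postgres"; mode = "0750"; }`. It is also worth confirming that the backup job imported as `./restic.nix` takes a database dump rather than copying live data files, and that the backup repository is protected as carefully as the sops secrets.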
@@ -6,63 +6,64 @@ homeProfiles, ... }: { - imports = map (x: homeProfiles + x) [ - /cli/zsh.nix - /cli/fish.nix + imports = with homeProfiles; [ + cli.zsh + cli.fish - /cli/xdg.nix - /cli/direnv.nix - /cli/tmux.nix - /cli/comma.nix - /cli/irssi.nix - /cli/git.nix - /cli/github.nix - /cli/jujutsu.nix + cli.xdg + cli.direnv + cli.tmux + cli.comma + cli.irssi + cli.gpg + cli.git + cli.github + cli.jujutsu - /programs/nvim.nix + programs.nvim - /programs/firefox/default.nix - /programs/tor.nix - /programs/chromium.nix + programs.firefox.default + programs.tor + programs.chromium - /programs/foot.nix + programs.foot - /themes/dark/default.nix + themes.dark.default # desktop - /desktop/xdg-portals.nix - /desktop/sway/default.nix + desktop.xdg-portals + desktop.sway.default # development - /develop/common.nix - /develop/docs.nix + develop.common + develop.docs - /develop/langs/haskell.nix - /develop/langs/go.nix - /develop/langs/js.nix - /develop/langs/rust.nix - /develop/langs/elixir.nix - /develop/langs/nix.nix - /develop/langs/zig.nix - /develop/langs/lua.nix - /develop/langs/c.nix - /develop/langs/csharp.nix + develop.langs.haskell + develop.langs.go + develop.langs.js + develop.langs.rust + develop.langs.elixir + develop.langs.nix + develop.langs.zig + develop.langs.lua + develop.langs.c + develop.langs.csharp # programs - /programs/discord.nix - /programs/obs.nix + programs.discord + programs.obs - /programs/beets.nix - /programs/cmus.nix + programs.beets + programs.cmus - /programs/mpv.nix + programs.mpv # gaming - /programs/mangohud.nix - /programs/jc141.nix + programs.mangohud + programs.jc141 - /services/playerctl.nix - /services/polkit-agent.nix + services.playerctl + services.polkit-agent ]; wayland.windowManager.sway.extraConfig = '' diff --git a/sys/profiles/programs/gpg.nix b/sys/profiles/programs/gpg.nix new file mode 100644 index 0000000..fc6e537 --- /dev/null +++ b/sys/profiles/programs/gpg.nix 
@@ -0,0 +1,5 @@ +{ + programs.gnupg.agent = { + enable = true; + }; +}